Tornado Cash
Basics

* A zk-SNARK based, non-custodial ETH mixer.
* From Token Economy: "Another ETH mixer has launched on mainnet (though yet unaudited). This one is powered by zkSnarks technology, providing non-custodial, trustless, serverless, private transactions on the Ethereum network. We've seen a bit of a wave of these mixers lately, with Hopper, Heiswap and a bunch of others. Clearly privacy is coming to Ethereum as a feature, fast. Interestingly the founder of Tornado also published a critical vulnerability common to all of them, which allowed double-spending. It was an easy fix, but still shows how experimental all these tools are."
* From this Gitcoin Grant Round 4 blog (30-1-2020), in which it was the top pick for Tech Grants: "Tornado Cash improves the ability for private transactions on Ethereum. Tornado improves transaction privacy by breaking the on-chain link between recipient and destination addresses. It uses a smart contract that accepts ETH deposits that can be withdrawn by a different address. Whenever ETH is withdrawn by the new address, there is no way to link the withdrawal to the deposit, ensuring complete privacy. During the round, they received 308 contributions — some no doubt affected by the blog post written by former Bitcoin Core developer Gavin Andresen about the potential for Tornado. While it's still early days for the privacy community on Ethereum, Tornado has helped the community take a huge leap forward into concretely considering what private transactions might look like on the network."

Audit

* Had a vulnerability which was found (2-2-2020) in one of the first pro bono security audits done by The Ethereum Foundation. It was fixed and affected a pool of fewer than 100 transactions.
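The quotes above describe the mechanism only at a high level: a contract accepts fixed deposits, a different address later withdraws, the contract state does not link the two, and early mixers shared a double-spending bug. The following is an added illustration, not Tornado Cash's own code: a toy commitment/nullifier mixer in Python (the commitment/nullifier design is an assumption about how such mixers work; the page itself says only "zk-SNARK based"). The zero-knowledge proof is replaced by handing the note to the model contract, which a real mixer must never do; the point is to show what the public state looks like and why a spent-nullifier set is the check that stops a note from being withdrawn twice. All addresses and notes are constructed.

```python
# Added illustration, not Tornado Cash's own code: a toy commitment/nullifier
# mixer with a fixed denomination. The zk-SNARK is replaced by handing the
# note to the model contract, which a real mixer must never do.
import hashlib
import secrets
from dataclasses import dataclass, field

DENOMINATION = 1  # fixed-size pool: every deposit and withdrawal moves exactly this much


def H(*parts: bytes) -> bytes:
    """SHA-256 standing in for the circuit-friendly hash a real mixer would use."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


@dataclass
class Note:
    """Secret material a depositor keeps off-chain; only its commitment goes on-chain."""
    nullifier: bytes
    secret: bytes

    @property
    def commitment(self) -> bytes:
        return H(self.nullifier, self.secret)

    @property
    def nullifier_hash(self) -> bytes:
        # Revealed at withdrawal; cannot be tied back to the commitment without `secret`.
        return H(b"nullifier", self.nullifier)


class MixerError(Exception):
    pass


@dataclass
class Mixer:
    """Public (on-chain) state of the model contract."""
    commitments: list = field(default_factory=list)      # one per deposit
    spent_nullifiers: set = field(default_factory=set)   # one per withdrawal
    log: list = field(default_factory=list)              # (event, address) pairs
    balance: int = 0

    def deposit(self, sender: str, commitment: bytes) -> None:
        self.commitments.append(commitment)
        self.balance += DENOMINATION
        self.log.append(("deposit", sender))

    def withdraw(self, recipient: str, note: Note) -> None:
        # Stand-in for verifying a zk-SNARK membership proof. Here the contract
        # sees the whole note; a real mixer sees only the nullifier hash and the proof.
        if note.commitment not in self.commitments:
            raise MixerError("commitment was never deposited")
        if note.nullifier_hash in self.spent_nullifiers:
            raise MixerError("note already spent")  # the double-spend guard
        self.spent_nullifiers.add(note.nullifier_hash)
        self.balance -= DENOMINATION
        self.log.append(("withdraw", recipient))


def new_note() -> Note:
    return Note(secrets.token_bytes(31), secrets.token_bytes(31))


def anonymity_set(m: Mixer) -> int:
    """Number of deposits any single withdrawal could correspond to, from public state alone."""
    return len(m.commitments)


def demo() -> dict:
    """Two depositors, one withdrawal to a fresh address, then two rejected attempts."""
    m = Mixer()
    alice, bob = new_note(), new_note()
    m.deposit("0xAlice", alice.commitment)   # constructed addresses
    m.deposit("0xBob", bob.commitment)
    m.withdraw("0xFresh", bob)               # spends Bob's note to an unrelated address

    try:
        m.withdraw("0xFresh2", bob)          # same note presented again
        double_spend_rejected = False
    except MixerError:
        double_spend_rejected = True

    try:
        m.withdraw("0xThief", new_note())    # note that was never deposited
        forged_rejected = False
    except MixerError:
        forged_rejected = True

    return {
        "balance": m.balance,
        "anonymity_set": anonymity_set(m),
        "double_spend_rejected": double_spend_rejected,
        "forged_rejected": forged_rejected,
        # the public log pairs each event with an address only; no deposit/withdrawal link
        "log": m.log,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the public log holding only addresses and event order, so any linking has to come from outside the contract (timing, address reuse, or the RPC endpoint a user connects through, which is the review's point below). The trusted-setup concern raised in the review has no counterpart in this model, since there is no proof system and no shared parameters to leak.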
Review

* From this review (7-8-2019): "In theory this is pretty cool but in practise I imagine most people will mix through a centralised connection to the ETH network like Infura ruining not only their own privacy but also massively reducing the anonymity set for people who connect through their own full node. Also it claims to be non-custodial yet the zk-SNARK params were generated on a single build server. This means if anyone has a copy of those params they can empty all the funds in the smart contract at any moment. I don't think it's really fair to call that non-custodial although I see how you could argue it is. Also something of this complexity implemented as a smart contract is slightly terrifying. Given that relatively simple applications in comparison (DAO/ERC-20 tokens/multisig) have been repeatedly bodged with major bugs/vulnerabilities in the contracts that lead to theft or permanent loss of funds, I'd be worried about trusting a zero knowledge mixing protocol to be implemented as a bug free smart contract. Not to mention, the fact that this is all implemented as a smart contract, so fees will be very high and very sensitive to gas price increases. @light's article mentions the gas fee was 3.734% of the total mixed amount. That's a lot and would increase rapidly if gas fees go up. At those prices it would be much cheaper to just trade on an exchange for Monero and back. Another issue is that anyone who mixes is gonna stand out like a sore thumb. The number of people who are interested in mixing, willing to pay those fees, and actually understand how to do this properly without breaking anonymity will likely be pretty small. Add to that the fact that address re-use is encouraged in Ethereum, and it will be trivial to track all the funds that have been mixed through this contract."

Category:Companies/Organisations